Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers
According to a report dated April 24, 2023, print management software provider PaperCut reported that unpatched servers were being exploited by attackers. Two vulnerability reports from Trend Micro were cited to support the claim.
Cybersecurity firm Huntress found about 1,800 publicly exposed PaperCut servers with PowerShell commands generated from PaperCut software to install malware. A domain that hosted malicious tools such as TrueBot was registered on April 12, 2023, although the company did not directly detect the downloader deployment.
Huntress researchers said that while the purpose of the activity is unknown, links to a known ransomware entity are of concern.
Read more about it: here